This is an automated email from the ASF dual-hosted git repository. akm pushed a commit to branch document-public-API-endpoints-660 in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
commit e411317c87dedb47c6611616ee51db56a54da212 Author: Andrew K. Musselman <[email protected]> AuthorDate: Mon Mar 9 18:07:18 2026 -0700 Adding docs about public API endpoints; fixes #660 --- atr/docs/authorization-security.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/atr/docs/authorization-security.md b/atr/docs/authorization-security.md index dbcaf892..3200260b 100644 --- a/atr/docs/authorization-security.md +++ b/atr/docs/authorization-security.md @@ -72,6 +72,12 @@ Release operations have the following access requirements: **View release information** (public pages, download links): * Allowed for: Everyone, including unauthenticated users +* This includes the following API endpoints, which are intentionally unauthenticated because they serve the same public information available on the website: + * `/api/checks/list/<project>/<version>` — check results for a release + * `/api/checks/ongoing/<project>/<version>` — count of ongoing checks + * `/api/release/paths/<project>/<version>` — file paths in a release + * `/api/release/revisions/<project>/<version>` — revision history of a release +* Rationale: ASF release artifacts, their check results, and their metadata are public by design. The release process is transparent and these endpoints support tooling that consumes public release data. **Start a new release**: --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
